# BeaverCheck Audit Report — https://wponetap.com

**Date:** April 22, 2026  
**URL:** https://wponetap.com  
**Overall Grade:** C (73/100)  
**Report:** https://beavercheck.com/results/ea54e329-5a91-4016-9c36-6417c4f78cbe

## Top Findings

1. **[CRITICAL]** Content-Security-Policy header is missing — Security > Security Headers
2. **[CRITICAL]** HSTS header is missing — Security > Security Headers
3. **[CRITICAL]** No Content-Security-Policy header found — Security > Content Security Policy
4. **[CRITICAL]** Page weighs 16.9 MB (8.3 MB transferred) — Performance > Page Weight Budget
5. **[CRITICAL]** 2 control(s) without accessible label — Accessibility > Form Accessibility

---

## Lighthouse Scores

| Category | Score |
|----------|-------|
| Performance | 33 |
| Accessibility | 91 |
| Best Practices | 73 |
| SEO | 100 |

---

## Security

### Security Headers (F — 10/100)

*2 of 10 headers properly configured*

- **[CRITICAL]** HSTS header is missing — Strict-Transport-Security forces browsers to use HTTPS, preventing downgrade attacks. Add the header with a max-age of at least 1 year.
- **[WARNING]** X-Content-Type-Options header is missing — This header prevents MIME-type sniffing, which can lead to XSS attacks. Set it to 'nosniff'.
- **[WARNING]** X-Frame-Options header is missing — This header prevents clickjacking by controlling who can embed your page in a frame. Set it to DENY or SAMEORIGIN.
- **[WARNING]** Referrer-Policy header is missing — Controls how much referrer information is sent with requests. Set to 'strict-origin-when-cross-origin' or stricter.
- **[WARNING]** Permissions-Policy header is missing — Controls which browser features (camera, microphone, geolocation) are allowed. Set it to restrict unused features.
- **[CRITICAL]** Content-Security-Policy header is missing — CSP is the most important header for preventing XSS attacks. See the CSP section for detailed analysis.
- **[WARNING]** Cross-Origin-Opener-Policy header is missing — COOP isolates your browsing context, preventing cross-origin side-channel attacks. Set to 'same-origin'.
- **[WARNING]** Cross-Origin-Embedder-Policy header is missing — COEP prevents loading cross-origin resources without explicit permission. Required for SharedArrayBuffer and high-resolution timers.
- **[PASS]** X-Powered-By header is not present
- **[PASS]** Server header is present without version info

### Content Security Policy (F — 0/100)

*No enforcing CSP policy found*

- **[CRITICAL]** No Content-Security-Policy header found — CSP is the most effective defense against XSS attacks. Add a Content-Security-Policy header to restrict resource loading.

### TLS & Certificates (A+ — 100/100)

*TLS 1.3, 7 checks passed*

- **[PASS]** TLS 1.3 is used
- **[PASS]** Strong cipher suite is used
- **[INFO]** HTTP/2 is not negotiated — HTTP/2 provides multiplexing and header compression for better performance.
- **[PASS]** Certificate is valid (expires in 109 days)
- **[PASS]** Certificate chain has 2 certificates
- **[PASS]** Certificate uses modern signature algorithm
- **[PASS]** Certificate covers 2 domain(s)
- **[PASS]** Certificate is issued by a trusted CA

### Cookie Security (A+ — 100/100)

*No cookies set — no cookie security risks*

- **[PASS]** No cookies set — no cookie security risks

---

## Advanced Security

### Subresource Integrity (D — 40/100)

*1 of 18 external resources have SRI*

- **[WARNING]** External script from sibautomation.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External script from load.server.wponetap.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External script from server.wponetap.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External script from load.server.wponetap.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External script from cdn-cookieyes.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[PASS]** script from www.gstatic.com has SRI protection
- **[WARNING]** External script from connect.facebook.net lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External script from connect.facebook.net lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External script from load.server.wponetap.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External script from js.stripe.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External script from cdn.brevo.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External script from cdn-cookieyes.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External link from sibforms.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External script from sibforms.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External script from www.google.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External link from sibforms.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External script from sibforms.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.
- **[WARNING]** External script from www.google.com lacks integrity attribute — Without SRI, if this CDN is compromised, attackers could inject malicious code.

### JS Library Vulnerabilities (A+ — 100/100)

*No known vulnerabilities*

- **[PASS]** No known JavaScript library vulnerabilities detected

### Information Leakage (A+ — 100/100)

*No exposures*

- **[INFO]** No security.txt found — Consider adding a security.txt at /.well-known/security.txt.
- **[PASS]** No sensitive files exposed

### Email Security (A — 85/100)

*DMARC: quarantine*

- **[PASS]** DMARC policy is quarantine — good protection

### Permissions-Policy (D — 40/100)

*No header set*

- **[WARNING]** No Permissions-Policy header — Consider adding a Permissions-Policy header to restrict browser feature access from embedded content.

### CORS Configuration (B — 80/100)

*No CORS headers*

- **[PASS]** No CORS headers present — secure default

---

## Performance

### Page Weight Budget (F — 0/100)

*8.3 MB transferred, 155 requests*

- **[CRITICAL]** Page weighs 16.9 MB (8.3 MB transferred)
- **[WARNING]** Images are 5.6 MB — compress or use modern formats — Convert images to WebP/AVIF and resize to display dimensions to reduce transfer size.
- **[WARNING]** JavaScript is 2.0 MB — consider code splitting or lazy loading — Large JavaScript bundles delay interactivity. Split code by route or defer non-critical scripts.
- **[INFO]** Fonts are 368 KB — consider subsetting or using system fonts — Subset fonts to include only used characters, or switch to system font stacks.
- **[WARNING]** 155 HTTP requests — consider bundling or reducing — Each request adds latency. Bundle small files, use sprites, or eliminate unnecessary requests.
- **[INFO]** Estimated 1.7 g CO2 per page load

### Third-Party Impact (A — 85/100)

*23% third-party, 0 ms blocking*

- **[INFO]** Third-party code accounts for 23% of page weight (1.9 MiB of 8.3 MiB)
- **[PASS]** Third-party blocking time is low (0 ms)

### Text Compression (A+ — 100/100)

*All text resources are compressed*

- **[PASS]** All text resources are compressed

### Image Optimization (C — 60/100)

*34 images, 0 KB saveable*

- **[WARNING]** https://wponetap.com/wp-content/uploads/2026/01/Wo... is missing width/height — may cause layout shift — Set explicit width and height to prevent CLS.
- **[WARNING]** https://wponetap.com/wp-content/uploads/2019/05/wo... is missing width/height — may cause layout shift — Set explicit width and height to prevent CLS.
- **[WARNING]** https://wponetap.com/wp-content/uploads/2026/01/Wo... is missing width/height — may cause layout shift — Set explicit width and height to prevent CLS.
- **[WARNING]** https://wponetap.com/wp-content/uploads/2026/01/Wo... is missing width/height — may cause layout shift — Set explicit width and height to prevent CLS.
- **[WARNING]** https://wponetap.com/wp-content/uploads/2026/01/Wo... is missing width/height — may cause layout shift — Set explicit width and height to prevent CLS.
- **[WARNING]** https://wponetap.com/wp-content/uploads/2026/01/Wo... is missing width/height — may cause layout shift — Set explicit width and height to prevent CLS.
- **[WARNING]** https://wponetap.com/wp-content/uploads/2026/01/Wo... is missing width/height — may cause layout shift — Set explicit width and height to prevent CLS.
- **[WARNING]** https://wponetap.com/wp-content/uploads/2026/01/Wo... is missing width/height — may cause layout shift — Set explicit width and height to prevent CLS.
- **[WARNING]** https://wponetap.com/wp-content/uploads/2026/01/Wo... is missing width/height — may cause layout shift — Set explicit width and height to prevent CLS.
- **[WARNING]** https://wponetap.com/wp-content/uploads/2026/01/Wo... is missing width/height — may cause layout shift — Set explicit width and height to prevent CLS.

### JS Execution Cost (F — 20/100)

*8521ms total JS execution*

- **[WARNING]** https://wponetap.com/: 2245ms CPU time
- **[WARNING]** https://www.gstatic.com/recaptcha/releases/gTpTIWh...: 1288ms CPU time
- **[WARNING]** Unattributable: 1071ms CPU time
- **[WARNING]** https://wponetap.com/wp-content/plugins/elementor/...: 963ms CPU time
- **[WARNING]** https://wponetap.com/wp-includes/js/jquery/jquery....: 739ms CPU time
- **[WARNING]** Third-party scripts: 4444ms (52% of total)

### Font Loading (A+ — 100/100)

*3 fonts (368 KB)*

- **[INFO]** 3 font(s) use font-display: swap (FOUT risk but functional)

### JS Bundles (F — 20/100)

*50 scripts, 1.4 MB unused*

- **[WARNING]** https://www.gstatic.com/recaptcha/releases/gTpTIWh...: 178 KB unused (49%) — Consider code splitting or tree shaking to reduce unused code.
- **[WARNING]** https://www.gstatic.com/recaptcha/releases/gTpTIWh...: 178 KB unused (49%) — Consider code splitting or tree shaking to reduce unused code.
- **[WARNING]** https://www.gstatic.com/recaptcha/releases/gTpTIWh...: 178 KB unused (49%) — Consider code splitting or tree shaking to reduce unused code.
- **[WARNING]** https://www.gstatic.com/recaptcha/releases/gTpTIWh...: 178 KB unused (49%) — Consider code splitting or tree shaking to reduce unused code.
- **[WARNING]** https://www.gstatic.com/recaptcha/releases/gTpTIWh...: 178 KB unused (49%) — Consider code splitting or tree shaking to reduce unused code.
- **[INFO]** Total unused JavaScript: 1.4 MB

### Resource Caching (A+ — 100/100)

*All resources properly cached*

- **[PASS]** No caching issues found

### Critical Rendering Path (A+ — 100/100)

*No render-blocking resources*

- **[PASS]** No render-blocking resources detected

### Resource Hints (A+ — 100/100)

*4 hints, 0 missing preconnects*

- **[PASS]** Page uses 4 resource hint(s)

### Page Weight Inventory (F — 30/100)

*155 resources · 8.3 MB · 1.4 MB savings available*

- **[WARNING]** Page weight 7.3 MB over 1MB target
- **[INFO]** ~1.4 MB of savings available
- **[INFO]** 47 third-party resources (23% of weight)
- **[INFO]** 12 resources over 200KB

### Render-Blocking Resources (A+ — 100/100)

*No render-blocking resources detected*

- **[PASS]** No render-blocking resources detected in <head>

### Third-Party Resources (A+ — 100/100)

*No third-party resources detected*


---

## Content Quality

### Links (F — 40/100)

*200 links checked, 158 healthy, 42 broken*

- **[CRITICAL]** 158 of 200 links are healthy
- **[WARNING]** Broken link: https://wponetap.com/xmlrpc.php — Found in <link href>. Get "https://wponetap.com/xmlrpc.php": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/ — Found in <link href>. Get "https://wponetap.com/": context deadline exceeded
- **[WARNING]** Broken link: https://zh-CN.wponetap.com/ — Found in <link href>. Get "https://zh-CN.wponetap.com/": tls: failed to verify certificate: x509: certificate is valid for *.gtranslate.net, *.tdn.gtranslate.net, not zh-CN.wponetap.com
- **[WARNING]** Broken link: https://www.googletagmanager.com — Found in <link href>. Returns HTTP 404.
- **[WARNING]** Broken link: https://fonts.gstatic.com — Found in <link href>. Returns HTTP 404.
- **[WARNING]** Broken link: https://fonts.googleapis.com — Found in <link href>. Returns HTTP 404.
- **[WARNING]** Broken link: https://wponetap.com/feed/ — Found in <link href>. Get "https://wponetap.com/feed/": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/comments/feed/ — Found in <link href>. Get "https://wponetap.com/comments/feed/": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-json/oembed/1.0/embed?url=https%3... — Found in <link href>. Get "https://wponetap.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwponetap.com%2F": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-json/oembed/1.0/embed?url=https%3... — Found in <link href>. Get "https://wponetap.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwponetap.com%2F&format=xml": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-content/plugins/easy-digital-down... — Found in <link href>. Get "https://wponetap.com/wp-content/plugins/easy-digital-downloads-pro/includes/blocks/assets/css/edd-blocks.css?ver=3.6.6": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-content/plugins/accessibility-plu... — Found in <link href>. Get "https://wponetap.com/wp-content/plugins/accessibility-plugin-onetap-pro/assets/css/apop-front-end.min.css?ver=6.14.0": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-content/plugins/accessibility-plu... — Found in <link href>. Get "https://wponetap.com/wp-content/plugins/accessibility-plugin-onetap-pro/assets/css/onetap-fonts-readable.min.css?ver=6.14.0": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-content/plugins/accessibility-plu... — Found in <link href>. Get "https://wponetap.com/wp-content/plugins/accessibility-plugin-onetap-pro/assets/css/onetap-fonts-dyslexic.min.css?ver=6.14.0": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-content/plugins/onetap-discount-f... — Found in <link href>. Get "https://wponetap.com/wp-content/plugins/onetap-discount-for-edd/public/css/onetap-discount-for-edd-public.css?ver=1.0.0": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-content/plugins/affiliate-wp/asse... — Found in <link href>. Get "https://wponetap.com/wp-content/plugins/affiliate-wp/assets/css/forms.min.css?ver=2.32.0": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-content/plugins/elementor/assets/... — Found in <link href>. Get "https://wponetap.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=4.0.2": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-content/uploads/rey/hs-bf19e01c21... — Found in <link href>. Get "https://wponetap.com/wp-content/uploads/rey/hs-bf19e01c21.css?ver=3.1.10.1770060895": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-content/uploads/elementor/css/pos... — Found in <link href>. Get "https://wponetap.com/wp-content/uploads/elementor/css/post-10558.css?ver=1776838040": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-content/uploads/elementor/css/pos... — Found in <link href>. Get "https://wponetap.com/wp-content/uploads/elementor/css/post-18693.css?ver=1776838040": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-content/plugins/mailin/css/mailin... — Found in <link href>. Get "https://wponetap.com/wp-content/plugins/mailin/css/mailin-front.css?ver=6.9.4": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-includes/js/jquery/jquery.min.js?... — Found in <script src>. Get "https://wponetap.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-includes/js/jquery/jquery-migrate... — Found in <script src>. Get "https://wponetap.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-includes/js/dist/hooks.min.js?ver... — Found in <script src>. Get "https://wponetap.com/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-content/plugins/affiliate-wp/asse... — Found in <script src>. Get "https://wponetap.com/wp-content/plugins/affiliate-wp/assets/js/tracking.min.js?ver=2.32.0": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-json/wp/v2/pages/19083 — Found in <link href>. Get "https://wponetap.com/wp-json/wp/v2/pages/19083": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/xmlrpc.php?rsd — Found in <link href>. Get "https://wponetap.com/xmlrpc.php?rsd": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/modules/ — Found in <a href>. Get "https://wponetap.com/modules/": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/ready-to-use-profiles/ — Found in <a href>. Get "https://wponetap.com/ready-to-use-profiles/": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/agency-pricing/ — Found in <a href>. Get "https://wponetap.com/agency-pricing/": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/help-center/ — Found in <a href>. Get "https://wponetap.com/help-center/": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/support/ — Found in <a href>. Get "https://wponetap.com/support/": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/accessibility-blog/ — Found in <a href>. Get "https://wponetap.com/accessibility-blog/": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/contrast-checker/ — Found in <a href>. Get "https://wponetap.com/contrast-checker/": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/changelog/ — Found in <a href>. Get "https://wponetap.com/changelog/": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/wordpress-accessibility-wcag-eaa-ada... — Found in <a href>. Get "https://wponetap.com/wordpress-accessibility-wcag-eaa-ada-compliance-mit-onetap/": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/wcag-the-web-content-accessibility-g... — Found in <a href>. Get "https://wponetap.com/wcag-the-web-content-accessibility-guidelines-requirements-for-wordpress-websites/": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/eaa-european-accessibility-act-2025-... — Found in <a href>. Get "https://wponetap.com/eaa-european-accessibility-act-2025-requirements-for-wordpress-websites/": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/en-301-549-european-standard-for-dig... — Found in <a href>. Get "https://wponetap.com/en-301-549-european-standard-for-digital-accessibility-guidelines-requirements-for-wordpress-websites/": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/ada-americans-with-disabilities-act-... — Found in <a href>. Get "https://wponetap.com/ada-americans-with-disabilities-act-requirements-for-wordpress-websites/": context deadline exceeded
- **[CRITICAL]** Broken link: https://wponetap.com/us-section-508-requirements-for-word... — Found in <a href>. Get "https://wponetap.com/us-section-508-requirements-for-wordpress-websites/": context deadline exceeded
- **[WARNING]** Broken link: https://wponetap.com/wp-content/plugins/elementor-pro/ass... — Found in <script src>. Get "https://wponetap.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=4.0.2": context deadline exceeded

### Mixed Content (A+ — 100/100)

*No mixed content detected — all resources use HTTPS.*

- **[PASS]** No mixed content detected — all resources use HTTPS

### Open Graph (A+ — 100/100)

*Open Graph tags are well configured for social sharing.*

- **[INFO]** og:title is long (80 characters) — Titles over 60 characters may be truncated in social sharing previews.

### Structured Data (C — 75/100)

*2 JSON-LD block(s) found — some improvements recommended.*

- **[CRITICAL]** Malformed JSON-LD block #1 — JSON parse error: Mismatch type map[string]interface {} with value array "at index 0: mismatched type with value\n\n\t[{\"@context\":\"https:\\/\\/schema.o\n\t^...............................\n"
- **[PASS]** 2 JSON-LD blocks found

---

## Infrastructure

### DNS Records (A+ — 95/100)

*1 A records, 50 ms lookup*

- **[PASS]** Resolves to 1 IPv4 address(es)
- **[INFO]** Single A record — no DNS redundancy — Multiple A records provide failover if one server goes down.
- **[PASS]** Has 1 IPv6 (AAAA) record(s)
- **[PASS]** 3 nameserver(s) configured
- **[PASS]** 1 mail exchanger(s) configured
- **[INFO]** CAA records not checked — CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
- **[PASS]** SPF record present in TXT
- **[PASS]** DNS resolution time: 50 ms

### Redirect Chain (A+ — 100/100)

*No redirects — direct access*

- **[PASS]** No redirects — direct access

### IPv6 Readiness (A+ — 100/100)

*IPv6 reachable (28 ms)*

- **[PASS]** IPv6 is configured and reachable at 2a01:4f8:1061:10d2::2

### Crawlability (A+ — 100/100)

*robots.txt present, sitemap with 9 URLs*

- **[PASS]** robots.txt is present
- **[PASS]** sitemap.xml is present
- **[PASS]** sitemap.xml is valid XML
- **[PASS]** sitemap.xml contains 9 entries
- **[PASS]** Sitemap index with 9 child sitemaps
- **[PASS]** robots.txt references sitemap

### URL Variants (B — 75/100)

*www/non-www, trailing slash, HTTP→HTTPS*

- **[CRITICAL]** HTTP version does not redirect to HTTPS

### Domain Intelligence (A+ — 100/100)

*wponetap.com — via Hetzner Online GmbH, 1 years, 7 months old*

- **[PASS]** Domain registered until Sep 11, 2026 (4 months remaining)
- **[INFO]** DNSSEC is not enabled — DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
- **[PASS]** Registrar: Hetzner Online GmbH
- **[WARNING]** Registrar lock is NOT enabled — The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

---

## Compliance

### WCAG Compliance (A+ — 100/100)

*No testable criteria*


### Cookie Consent & Privacy (B — 80/100)

*No consent signals detected*

- **[WARNING]** No privacy policy link detected — A privacy policy page is recommended for transparency and may be legally required.
- **[INFO]** No terms of service link detected
- **[INFO]** No cookie consent banner detected
- **[INFO]** This is an automated check, not legal advice — BeaverCheck detects technical indicators of consent management. This does not constitute a legal compliance assessment. Consult a privacy professional for GDPR/CCPA compliance.

### Language & i18n (A — 90/100)

*Lang attribute present*

- **[PASS]** <html lang> attribute is present
- **[PASS]** <html lang> value is valid
- **[INFO]** No Content-Language HTTP header
- **[INFO]** Language signals are inconsistent — The <html lang> attribute and Content-Language header should agree.

### Readability & Typography (A+ — 100/100)

*Font sizes and tap targets checked*


### Viewport Configuration (A+ — 100/100)

*Viewport properly configured*

- **[PASS]** Viewport meta tag is present
- **[PASS]** width=device-width is set
- **[PASS]** User zooming is allowed

### Third-Party Trackers (C — 55/100)

*7 trackers detected*

- **[INFO]** 7 third-party trackers detected — Found 5 analytics, 0 advertising, 1 marketing, 1 tag manager trackers.
- **[WARNING]** Trackers detected but no cookie policy found — This page loads 7 trackers but no cookie policy was detected. GDPR requires disclosure when using tracking cookies.
- **[WARNING]** Trackers detected but no privacy policy found — Most data protection regulations require a privacy policy when collecting user data via trackers.

### Cookie & Tracker Inventory (A+ — 100/100)

*0 cookies · 7 trackers · 0 pre-consent*

- **[INFO]** 7 third-party tracker(s) detected on page

---

## Legal

### Legal Page Ecosystem (C — 65/100)

*3 of 7 expected legal pages detected*

- **[PASS]** Privacy Policy detected — Found at https://wponetap.com/data-protection/.
- **[PASS]** Terms of Service detected — Found at https://wponetap.com/terms/.
- **[INFO]** Cookie Policy not detected — No link matching common Cookie Policy URL patterns or link text was found. Most websites are expected to have a Cookie Policy, especially those collecting user data.
- **[PASS]** Accessibility Statement detected — Found at https://wponetap.com/accessibility-blog/.
- **[INFO]** DMCA / Copyright Notice not detected — No link matching common DMCA / Copyright Notice URL patterns or link text was found. Most websites are expected to have a DMCA / Copyright Notice, especially those collecting user data.
- **[INFO]** Refund / Returns Policy not detected — No link matching common Refund / Returns Policy URL patterns or link text was found. Most websites are expected to have a Refund / Returns Policy, especially those collecting user data.
- **[INFO]** Acceptable Use Policy not detected — No link matching common Acceptable Use Policy URL patterns or link text was found. Most websites are expected to have a Acceptable Use Policy, especially those collecting user data.

### Copyright Notice (A+ — 100/100)

*© 2016 – 2026 · All rights reserved*

- **[PASS]** Copyright notice is up to date — Copyright notice is up to date: © 2016 – 2026 · All rights reserved
- **[PASS]** Copyright holder: ·

### Regulatory Indicators

*3 regulatory indicator(s) detected*

- **[INFO]** This is a technical scan, not a legal assessment — BeaverCheck detects technical indicators that may suggest regulatory relevance. This is not a compliance audit and should not be relied upon for legal decisions. Consult qualified legal counsel for compliance assessments.
- **[INFO]** GDPR indicators detected (strong confidence) — Indicators suggesting GDPR may be relevant: Consent management platform detected: cookieyes.com; Text mentions: gdpr. EU General Data Protection Regulation — governs collection and processing of personal data of EU residents.
- **[INFO]** ADA indicators detected (strong confidence) — Indicators suggesting ADA may be relevant: Accessibility statement page found; Text mentions: section 508; Text mentions: wcag. Americans with Disabilities Act / Section 508 — requires digital accessibility for people with disabilities.
- **[INFO]** PCI-DSS indicators detected (moderate confidence) — Indicators suggesting PCI-DSS may be relevant: Payment processor detected: js.stripe.com. Payment Card Industry Data Security Standard — applies to organizations handling credit card data.

### Third-Party Data Sharing

*3 third-party service(s) detected*

- **[INFO]** Data inventory for transparency purposes — This inventory identifies third-party services that receive data from your site visitors. Under regulations like GDPR (Article 30), maintaining records of data processing activities is commonly considered a best practice. This automated scan provides a starting point — it may not capture all data flows.
- **[INFO]** 3 third-party services across 3 categories — 3 third-party services detected across 3 categories: Advertising (1), Payment (1), Security (1). Each of these services receives some user data from your site visitors.
- **[INFO]** Facebook Pixel (Advertising) — Detected via script URL. Typically collects: Page views, Conversions, User behavior, Ad targeting. Privacy policy: https://www.facebook.com/privacy/policy. Data Processing Agreement available.
- **[INFO]** Stripe (Payment) — Detected via script URL. Typically collects: Payment card data (PCI-scoped), Transaction details. Privacy policy: https://stripe.com/privacy. Data Processing Agreement available.
- **[INFO]** reCAPTCHA (Security) — Detected via script URL. Typically collects: Browser behavior, Device info, IP address. Privacy policy: https://policies.google.com/privacy. Data Processing Agreement available.

### Compliance Badges (B — 70/100)

*2 compliance badge(s) detected*

- **[PASS]** GDPR Certified badge detected — Found via image alt text: 'a prominent white circle sits at the center of the image, displaying “gdpr” in large, bold blue letters. above the circle, the phrase “gdpr compliant” is written in a curved arc that follows the contour of the circle’s upper edge. the background features a smooth blue gradient that conveys a modern and approachable digital environment. the overall design emphasizes clarity and readability, with strong color contrast between text and background to support users with visual impairments or color vision deficiencies.'. Note: the presence of a badge does not verify the certification is current or valid.
- **[PASS]** TRUSTe / TrustArc badge detected — Found via body text: 'truste'. Note: the presence of a badge does not verify the certification is current or valid.

---

## Availability

### CDN & Delivery (D — 50/100)

*No CDN detected*

- **[WARNING]** No CDN detected — A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.

### HTTP Caching (F — 30/100)

*No cache headers*

- **[WARNING]** No Cache-Control header found — Browsers will use heuristic caching, which can be unpredictable. Set explicit cache headers.

### Transport Security (B — 75/100)

*HTTP/3, HSTS, and TLS version analysis*

- **[INFO]** HTTP/3 (QUIC) not advertised — HTTP/3 eliminates head-of-line blocking. If your CDN supports it, consider enabling it.
- **[WARNING]** Missing Strict-Transport-Security header — HSTS tells browsers to only use HTTPS, preventing SSL stripping attacks.
- **[PASS]** TLS 1.3 in use (fastest handshake, 1-RTT)

---

## Accessibility

### Landmark Structure (A+ — 100/100)

*24 landmarks*

- **[PASS]** <main> landmark present
- **[PASS]** 5 <nav> landmark(s) found
- **[PASS]** All <nav> elements are properly labeled
- **[PASS]** Skip navigation link present

### Heading Hierarchy (D — 45/100)

*44 headings, 3 skip(s)*

- **[WARNING]** Multiple H1 headings (2 found) — A page should have only one H1. Multiple H1s dilute the document outline.
- **[WARNING]** Heading level skipped: H3 → H6 (missing H4) — Skipping heading levels breaks the document outline. Screen readers may interpret missing levels as structural errors.
- **[WARNING]** Heading level skipped: H2 → H6 (missing H3) — Skipping heading levels breaks the document outline. Screen readers may interpret missing levels as structural errors.
- **[WARNING]** Heading level skipped: H2 → H6 (missing H3) — Skipping heading levels breaks the document outline. Screen readers may interpret missing levels as structural errors.

### Alt Text Quality (A — 90/100)

*All 203 images OK*

- **[INFO]** 10 image(s) with alt text over 125 characters
- **[PASS]** 41 decorative image(s) correctly marked
- **[PASS]** 152 image(s) with good alt text

### Form Accessibility (D — 54/100)

*4 of 9 controls have issues*

- **[CRITICAL]** 2 control(s) without accessible label — Form controls need a <label>, aria-label, or aria-labelledby for screen readers.
- **[WARNING]** 2 control(s) rely on placeholder only — Placeholder text disappears on focus and is not a reliable label.
- **[PASS]** 5 control(s) properly labeled

### Link & Button Quality (C — 67/100)

*4 issue(s) across 282 links and 82 buttons*

- **[CRITICAL]** 4 link(s) with no accessible text — Links without text are announced as raw URLs by screen readers.
- **[WARNING]** 1 link(s) open in new tab without warning — Add '(opens in new tab)' to link text or aria-label.
- **[PASS]** 277 link(s) with descriptive text

---

## UX

### 404 Error Page (C — 55/100)

*Could not test*

- **[INFO]** 404 page could not be tested — The 404 page check encountered an error. This may be due to a timeout or network issue.

### Favicon & Branding (C — 55/100)

*3 icon(s) detected*

- **[WARNING]** No favicon.ico at site root — Some older browsers, bookmark tools, and RSS readers look for /favicon.ico. Add one as a fallback.
- **[PASS]** HTML icon links detected
- **[PASS]** Apple touch icon present
- **[PASS]** Multiple icon sizes detected

### Web Manifest (D — 40/100)

*Not found*

- **[INFO]** No web manifest found — No manifest at standard paths (/manifest.json, /site.webmanifest). A manifest is optional but enables PWA features like home screen installation and standalone display.

### Dark Mode Support (D — 40/100)

*No dark mode signals*

- **[INFO]** No dark mode signals detected — Consider adding CSS with @media (prefers-color-scheme: dark) and <meta name='color-scheme' content='light dark'>.
- **[INFO]** Detection limited to meta tags and inline styles — External CSS files may contain prefers-color-scheme rules not visible to this scan.

### Print Stylesheet (D — 40/100)

*No print styles*

- **[INFO]** No print-specific styles detected — When users print this page, they get the screen layout including navigation and non-essential elements. Add @media print rules to hide navigation and optimize layout for paper.

### Navigation UX (F — 35/100)

*1 navigation pattern(s)*

- **[PASS]** Skip navigation link detected
- **[PASS]** 5 navigation landmark(s) detected
- **[PASS]** Hamburger menu detected (responsive design)

---

## SEO

### Canonical URL (A+ — 100/100)

*Properly configured*

- **[PASS]** Canonical tag present
- **[PASS]** Canonical is self-referencing
- **[PASS]** Canonical matches final URL after redirects
- **[PASS]** Canonical target reachable (self-referencing)

### Meta Tags (A+ — 95/100)

*Title optimized*

- **[PASS]** Page title is set
- **[PASS]** Title length (59 chars) is optimal
- **[INFO]** Title and H1 have very different wording — Alignment helps users confirm they've reached the right page.

### Content Depth (A — 85/100)

*2649 words, Difficult*

- **[PASS]** Page has 2649 words — good depth for search engines
- **[INFO]** Text-to-HTML ratio is 2% — Very low ratio suggests heavy framework overhead or boilerplate.
- **[INFO]** Reading level: Difficult (grade 12)

### Internal Links (A — 85/100)

*221 internal, 61 external*

- **[PASS]** 221 internal links (78%)
- **[PASS]** 99% of links use descriptive anchor text
- **[INFO]** Page has 282 links — consider reducing
- **[INFO]** 221 internal / 61 external links
- **[WARNING]** 4 internal links have no anchor text

### Image SEO (B — 80/100)

*203 images, 61 descriptive filenames*

- **[WARNING]** 70% of images have non-descriptive filenames — Search engines use filenames as a signal. Rename to descriptive names like 'team-photo.jpg'.

### Hreflang

*0 hreflang tags*


---

## Sustainability

### CO2 Per Page Load (F — 30/100)

*1.97g CO2 per view*

- **[WARNING]** 1.97g CO2 per page view — This page transfers 8.3 MB, producing an estimated 1.97g of CO2 per visit using the Sustainable Web Design model (v4). Breakdown: data center 0.05g, network 0.41g, end-user device 1.52g.
- **[INFO]** At 10,000 monthly views: 236.8 kg CO2/year — With 10,000 page views per month, this page would generate approximately 236.8 kg of CO2 annually — equivalent to charging 29594 smartphones.
- **[PASS]** Green hosting reduces data center emissions

### Green Hosting (B — 80/100)

*Green (hosting)*

- **[PASS]** Apache HTTP Server uses renewable energy
- **[INFO]** Apache HTTP Server: Verified by the Green Web Foundation
- **[INFO]** Green hosting status based on known provider commitments — Green hosting detection uses a curated database of provider renewable energy commitments. This is not a real-time verification. For authoritative checks, visit thegreenwebfoundation.org.

### Repeat Visit Weight (A+ — 100/100)

*98% cached*

- **[PASS]** 98% reduction on repeat visits — Returning visitors download only 197 KB (vs 8535 KB first visit). 150 of 155 resources are served from browser cache, saving 1.93g CO2 per repeat visit.
- **[INFO]** Repeat visit: 0.05g CO2 (first visit: 1.97g)

### Carbon Budget (F — 30/100)

*89th percentile*

- **[WARNING]** 1.97g CO2 — above the median website (0.60g) — Heavier than an estimated 11% of websites. Reducing page weight, optimizing images, and removing unused JavaScript would lower the carbon footprint. See the Performance tab.
- **[INFO]** Estimated 89th percentile — Compared to: top 10% = 0.20g, target = 0.50g, median = 0.60g per page view.

### Transfer Efficiency (B — 80/100)

*83% efficient*

- **[INFO]** Transfer efficiency: 83% — An estimated 1408 KB (17%) could be eliminated: 0 KB via better compression, 0 KB via modern image formats, 1408 KB of unused JavaScript. This wasted data produces 0.33g of unnecessary CO2 per page view.

---

---

*Generated by [BeaverCheck](https://beavercheck.com) — https://beavercheck.com/results/ea54e329-5a91-4016-9c36-6417c4f78cbe*